Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0842

4 documents4 sources
Severity
7.5HIGH
EPSS
84.3%
top 0.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
3
Avaya Modular Messaging Message Storage ServerMicrosoft IEMicrosoft Internet Explorer
Timeline
PublishedDec 23
Latest updateApr 29

Description

Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

NVDmicrosoft/internet_explorer5.0.1, 5.5, 6.0+2
NVDmicrosoft/ie6.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-g4xq-83hp-jc9q: Internet Explorer 62022-04-29
CVEList
CVE-2004-0842: Internet Explorer 62004-09-14

💥Exploits & PoCs

1
Exploit-DB
Microsoft Internet Explorer 5.0.1 - Style Tag Comment Memory Corruption2004-07-08
CVE-2004-0842 (HIGH CVSS 7.5) | Internet Explorer 6.0 SP1 and earli | cvebase.io